The above command will prompt you to answer the questions below; don't forget to enter values that are applicable to your scenario.

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Lower Parel
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint.com
Organizational Unit Name (eg, section) []:Linux and Open Source
Common Name (eg, your name or your server's hostname) []:tecmint
Email Address []:[email protected]

Step 2: Configuring VSFTPD to Use SSL/TLS on Ubuntu

3. Before changing the VSFTPD configuration, those who have the UFW firewall enabled must open port 990 and ports 40000-50000, to allow TLS connections and the range of passive ports that will be set in the VSFTPD configuration file, respectively:

Then, add or locate the option ssl_enable and set its value to YES to activate the use of SSL. Again, because TLS is more secure than SSL, we will restrict VSFTPD to use TLS instead by enabling the ssl_tlsv1 option:

ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

5. Next, comment out the lines below using the # character as follows:

6. Now, we also have to prevent anonymous users from using SSL, and then force all non-anonymous logins to use a secure SSL connection both for data transfer and for sending the password during login:

allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

7. Furthermore, we can use the options below to add more security features to the FTP server. With the option require_ssl_reuse=YES, all SSL data connections are required to exhibit SSL session reuse, which proves that they know the same master secret as the control channel. Although this is a secure setting, it can break many FTP clients, so we should disable it.

require_ssl_reuse=NO
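
To confirm that a configuration file really carries the option values shown in the steps above, here is an added example (not part of the original tutorial or of VSFTPD itself). The names EXPECTED, SAMPLE, parse_vsftpd_conf and audit are hypothetical, and the sample configuration is constructed for illustration.

```python
# Added example: audit a vsftpd.conf against the TLS options this tutorial sets.
# Expected values are the ones shown in the tutorial's configuration steps.
EXPECTED = {
    "ssl_enable": "YES",
    "ssl_tlsv1": "YES",
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
    "allow_anon_ssl": "NO",
    "force_local_data_ssl": "YES",
    "force_local_logins_ssl": "YES",
    "require_ssl_reuse": "NO",
}

# Constructed sample input (not from the tutorial): SSLv3 left enabled and
# force_local_logins_ssl commented out.
SAMPLE = """\
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
#force_local_logins_ssl=YES
require_ssl_reuse=NO
"""

def parse_vsftpd_conf(text):
    """Map each option to every value assigned to it, in file order."""
    opts = {}
    for line in text.splitlines():
        # '#' starts a comment; vsftpd expects option=value with no spaces.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key, []).append(value)
    return opts

def audit(text):
    """Return (option, found, expected) for each unset or differing option."""
    opts = parse_vsftpd_conf(text)
    findings = []
    for name, want in EXPECTED.items():
        values = opts.get(name)
        if values is None:
            findings.append((name, "unset", want))
        else:
            # Flag every assignment that differs, so a duplicate line with
            # a conflicting value is caught wherever it appears in the file.
            findings.extend((name, v, want) for v in values if v.upper() != want)
    return findings

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE):
        print(f"{name}: found {found}, tutorial sets {want}")
```

To check a real server, pass the contents of your VSFTPD configuration file to audit(); an empty list means every option above is set explicitly to the tutorial's value.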

In addition, we can set which SSL ciphers VSFTPD will permit for encrypted SSL connections with the ssl_ciphers option. This helps frustrate attackers who try to force a specific cipher in which they may have discovered vulnerabilities:

The command-line client doesn't support encryption services, which results in the error above. Therefore, to securely connect to an FTP server with encryption services enabled, we need an FTP client that supports SSL/TLS connections by default, such as FileZilla.

Step 4: Install FileZilla On Clients to Connect FTP Securely

FileZilla is a powerful, widely used cross-platform FTP client which supports FTP over SSL/TLS and more. To install FileZilla on a Linux client machine, use the following command.

That's all! Always remember that installing an FTP server without enabling encryption services has certain security implications. As we explained in this tutorial, you can configure an FTP server to use SSL/TLS connections to implement security in Ubuntu 16.04/16.10.

If you face any issues in setting up SSL/TLS on the FTP server, do use the comment form below to share your problems or thoughts concerning this tutorial/topic.

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.
